September 11, 2012

What the Hack?!? – GoDaddy Denies Yesterday’s Cybersecurity Breach

Yesterday´s news cycle was filled with complaints about downed servers and websites, not to mention plenty of jokes at Danica Patrick´s expense. A member of the Anonymous hacking collective known on Twitter as @Anonymousown3r took to the microblogging site yesterday to take credit for bringing GoDaddy.com to its knees using a DDoS attack.

In an odd turn of events, however, GoDaddy has issued a press statement today denying that any kind of attack took place on their servers.

“The service outage was not caused by external influences,” wrote Scott Wagner, CEO of GoDaddy.

“It was not a "hack" and it was not a denial of service attack (DDoS),” he went on. “We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.”

This admission by Wagner now leaves those who were affected by yesterday´s outages wondering whether they should believe a cyber criminal or a SOPA-supporting domain hosting service whose founder has been known to brag about his elephant killings.

@AnonymousOwn3r responded later on Twitter, saying, “Whooa @godaddy is denying that it was hacked by me! they don´t wanna show their cybersecurity is bad this way they would lose customers!”

A few moments later, the hacker who claimed responsibility added, “I think i will have to bring down godaddy.com again, so this way they would admit instead of hiding the attack.”

According to GoDaddy´s statement, the outage began around 10 AM PST yesterday morning and lasted till 4PM PST when services were once again fully restored. Though the company did say they have taken steps to prevent this kind of outage from occurring again, they did not specifically mention what had caused their routers to become corrupted.

Wagner also said, “At no time was any customer data at risk or were any of our systems compromised.”

“Throughout our history, we have provided 99.999% uptime in our DNS infrastructure. This is the level our customers expect from us and the level we expect of ourselves. We have let our customers down and we know it.”

At the time of this writing, @AnonymousOwn3r continues to suggest that they might attempt another takedown of the site, although it is unclear whether the hacker is seriously considering another attack.

While a little elephant hunting and SOPA supporting doesn't necessarily make for a poorly run company, these incidents (as well as those racy Super Bowl ads) have sent customers rushing to other domain registrars in the past in search for more ethically pleasing pastures.

Last week, AntiSec, an arm of Anonymous, leaked 1 million Apple iPhone and iPad UDIDs, a small fraction of the alleged 12 million that the hackers claim they lifted from an FBI laptop. Apple denied giving these UDIDs to the FBI, while the FBI denied being in possession of these identifiers.

Yesterday, Blue Toad publishing came forward, saying the UDIDs were stolen from their servers 2 weeks ago, several months later than when AntiSec had claimed to have stolen this information from the FBI.